Shortened URLs: Safe? Or Sabotaged?

Posted by:

Before you click that shortened URL, know the (harsh) facts.

Short links, shortened URLs, tiny URLs: Whatever you call them, they’re everywhere. More than 200 link-shortening services—including the popular Bitly, TinyURL, Google URL Shortener, and Twitter’s link service—turn millions of long, unwieldy URLs into short, spiffy links.

The convenience factor is clear. Sometimes you don’t want a four-line link filled with crazy characters cluttering your email or Facebook post. Platforms like Twitter have rigid character counts that can be completely devoured by lengthy URLs. So shortened links can be a godsend.

However …

As useful as they are, condensed URLs can be dangerous—and you should click with caution.

What’s the problem?

Lack of transparency, for one. Abbreviated links obscure details about the URL destination and can secretly house malware—or when clicked—take you to an illegitimate site.

Unlike with a normal URL, hovering over a condensed link won’t reveal telling details. You don’t know where it leads until you click it.

In addition, private information stored in some cloud services like OneDrive, GoogleDrive, and Google Maps is known to be vulnerable. Cybercrooks have accessed scores of files with shortened links and leaked sensitive data. (Short links are much easier to “brute-force scan” than long URLs, which makes them desirable hacking targets.)

While opening a shortened URL can be perfectly safe, it’s best to take these protective measures:

Scanning & Preview Services
  • Copy the URL into a link scanner, such as:
  • Some shortener services allow you to preview the link by adding a character like “+” to the end; for example (note, these are fake links):
    • gl/ON64Va+ or
  • Paste the URL into an unshortening service to preview the link and get safety ratings:
  • Chrome and Firefox have extensions allowing you to abbreviate URLs inside the browser.
  • Enable “real-time” or “active” scanning in your anti-malware software to nab malware before it invades your system
  • Keep anti-malware and anti-virus software up to date
Common Sense
  • Don’t take the clickbait! However tempting it is to “discover shocking anti-aging secrets” or learn what happens when “man tries to hug a wild lion,” resist. Clickbait can be perilous.
  • When on email and social media, click links from trusted sources only. Not sure? Check with the sender or run the link through a scanning/preview service.

Yes, you may have to jump through a few hoops to make sure you’re not being duped, but it’s well worth the effort. After all, one little click can lead to dire consequences.

Related reading on our blog:

How to Recognize Social Engineering Attacks

Dirty, Rotten Phish

Social-Engineering Attacks

Shortened URLs: Safe Or Sabotaged? Here’s What You Need to Know
Article Name
Shortened URLs: Safe Or Sabotaged? Here’s What You Need to Know
Shortened URLs are convenient and popular. But they can also be a breeding ground for malicious activity. Should you click? Or steer clear? Here, the tips and tools you need to stay safe.
Publisher Name
Publisher Logo

About the Author:

Lisa McComsey is a freelance writer, marketing consultant, and contributor to K12USA’s website and blog. In addition to her passion for technology, Lisa is a running and bicycling enthusiast, author of two books ("The Vegan Cheat Sheet" and "Seagan Eating"), and a hopeless chocolate addict.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.